Server-Side Data Scrubbing
If you cannot - or do not want to - scrub data within the SDK, Sentry provides a number of options to achieve this in the product itself. You'll find these settings under the Data Scrubber option within both your Organization and individual Project settings. By default this is enabled, and we highly recommend you keep it that way.
With it enabled, Sentry will scrub the following:
- Values that look like they contain credit cards (using a basic regular expression)
- Values that themselves contain, or whose keynames contain, any of the following strings:
- password
- secret
- passwd
- api_key
- apikey
- access_token
- auth
- credentials
- mysql_pwd
- stripetoken
- card[number]
- github_token
- privatekey
- private_key
- Values that contain strings in, or whose keynames are listed in, [Project] > Settings > Security & Privacy in "Additional Sensitive Fields".
- An entry in "Additional Sensitive Fields" such as
mysekret
, for example, will cause the removal of any field namedmysekret
, but also removes any field value that containsmysekret
. Sentry does this to protect against sensitive data leaking as part of structured data that has been sent as a single string to Sentry (such as, a JSON object that is stringified and embedded as JSON string in another JSON structure). - As an extreme example where this behavior can become surprising, the string
"Unexpected error"
will be removed from events if the entryexp
is in "Additional Sensitive Fields".
- An entry in "Additional Sensitive Fields" such as
Sentry will redact arrays and literal values, but not entire objects. For example:
credentials = {
username: 'jane',
cats: ['pancake', 'maple', 'hellboy']
password: 'p4ssw0rd!',
lastLogin: 'yesterday',
...
}
Using the default options would not cause the object credentials
to be redacted in its entirety; rather, all of its entries would be subject to scrubbing. So password
would be redacted by default, and adding cats
, username
, and/or lastLogin
to the list of additional fields would cause those values to be redacted as well.
You can choose to expand the keys that are scrubbed by the server, as well as prevent IP addresses from being stored. The latter is particularly important if you’re concerned about PII and using our Browser JavaScript SDK.
In addition, we provide an Advanced Data Scrubbing feature that allows more control over how filters are applied.
Removing Data
If you’ve accidentally sent sensitive data to the server, you likely don't to want to leave it there. There are a few things to note in removal:
- If you send the data as a tagged value, removing the event is not enough. Visit your Project Settings > Tags to permanently remove any related data for a given tag.
- While you cannot delete a single event, you can delete the issue the event is in by clicking the trash icon on the Issue Details page.
- If a large number of unique events - representing multiple issues - contain the data, you may need to delete and re-create the project to effectively cleanse the system.
Known Limitations
It's not currently possible to avoid scrubbing data in breadcrumbs by adding the category name in "Safe Fields". Only the message and data in breadcrumbs are used for data scrubbing. Also, if custom JSON data is provided, the fields will be scrubbed according to the configured rules and the entries in "Safe Fields".
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) to suggesting an update ("yeah, this would be better").